Lucene search

SilabsCVELIST:CVE-2023-32096

HistoryMay 18, 2023 - 6:45 p.m.

CVE-2023-32096 Key duplication in GSDK

2023-05-1818:45:08

CWE-14

Silabs

www.cve.org

cve-2023-32096

key duplication

gsdk

silicon labs gecko platform sdk

buffer clearing

ram duplication

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

52.3%

JSON

Compiler removal of buffer clearing in

sli_crypto_transparent_aead_encrypt_tag

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Gecko Platform",
    "vendor": "silabs.com",
    "versions": [
      {
        "lessThan": "4.2.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1

github.com/SiliconLabs/gecko_sdk

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

52.3%

JSON

Related for CVELIST:CVE-2023-32096